Your message dated Mon, 25 Jul 2011 07:55:30 +0000
with message-id <[email protected]>
and subject line Bug#612032: fixed in tesseract 2.04-2+squeeze1
has caused the Debian Bug report #612032,
regarding vulnerability: rewrite arbitrary user file
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
612032: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=612032
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: tesseract
Version: 2.04-2
Severity: grave
Tags: security
Justification: user security hole
User: [email protected]
Usertags: origin-ubuntu natty
This bug report was also filed in Ubuntu and can be found at
http://launchpad.net/bugs/607297
The description, from segooon, follows:
Hi, I've just discovered that tesseract-ocr is vulnerable to rewriting any user
file:
DEBUG_WIN::DEBUG_WIN( //constructor
....
length +=
sprintf (command + length,
"\"stty opost; tty >/tmp/debug%d; while [ -s /tmp/debug%d ]\ndo\nsleep
1\ndone\" &\n",
pid, pid);
Here attacker can create link to any file in the system that user may write to.
The only he has to know - the pid of process. As it is (last PID + 1) by
default, it is not difficult to guess.
Thanks.
-- System Information:
Debian Release: squeeze/sid
APT prefers natty
APT policy: (500, 'natty')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.37-12-generic (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
Source: tesseract
Source-Version: 2.04-2+squeeze1
We believe that the bug you reported is fixed in the latest version of
tesseract, which is due to be installed in the Debian FTP archive:
tesseract-ocr-dev_2.04-2+squeeze1_amd64.deb
to main/t/tesseract/tesseract-ocr-dev_2.04-2+squeeze1_amd64.deb
tesseract-ocr_2.04-2+squeeze1_amd64.deb
to main/t/tesseract/tesseract-ocr_2.04-2+squeeze1_amd64.deb
tesseract_2.04-2+squeeze1.diff.gz
to main/t/tesseract/tesseract_2.04-2+squeeze1.diff.gz
tesseract_2.04-2+squeeze1.dsc
to main/t/tesseract/tesseract_2.04-2+squeeze1.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jonathan Wiltshire <[email protected]> (supplier of updated tesseract package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 24 Jul 2011 21:22:56 +0100
Source: tesseract
Binary: tesseract-ocr tesseract-ocr-dev
Architecture: source amd64
Version: 2.04-2+squeeze1
Distribution: stable
Urgency: low
Maintainer: Jeffrey Ratcliffe <[email protected]>
Changed-By: Jonathan Wiltshire <[email protected]>
Description:
tesseract-ocr - Command line OCR tool
tesseract-ocr-dev - Development files for the tesseract command line OCR tool
Closes: 612032
Changes:
tesseract (2.04-2+squeeze1) stable; urgency=low
.
* Non-maintainer upload at the maintainer's request.
* Disable xterm-based debug windows (closes: #612032, LP: #607297).
Checksums-Sha1:
6a46d0d57ca3a1c755d9b88476932535abea9e0d 1775 tesseract_2.04-2+squeeze1.dsc
b53c95233441303fbd212c1a8de27636dbd9bc68 8486 tesseract_2.04-2+squeeze1.diff.gz
bfaa49414b480c30661973d6d0fc7be9794ca0e9 1026476
tesseract-ocr_2.04-2+squeeze1_amd64.deb
ba6bdc27f831209913f4df3e31f889f31f87c0fa 2430238
tesseract-ocr-dev_2.04-2+squeeze1_amd64.deb
Checksums-Sha256:
3f797bb7dd9463f83ddd3057bc74351ab8ae237adf42315d169cbce8aa4008fc 1775
tesseract_2.04-2+squeeze1.dsc
a90e9a887ecb11968078292e375d33b942b15a39a823034de7d10c6343b72599 8486
tesseract_2.04-2+squeeze1.diff.gz
ac6738f86e353d7e2cff9ebfcc4f29dbacbdd4b3abf5088bd89d066f6c65468a 1026476
tesseract-ocr_2.04-2+squeeze1_amd64.deb
5addddfa2527c81b7aeab0b3a8ef4c0a388df61f13c7c13926ead5f233f87e6a 2430238
tesseract-ocr-dev_2.04-2+squeeze1_amd64.deb
Files:
e2802c9dfb13ade58917aae937583c5f 1775 graphics optional
tesseract_2.04-2+squeeze1.dsc
f078d2fef0a62d453238a4f237d82dde 8486 graphics optional
tesseract_2.04-2+squeeze1.diff.gz
4391d9a7cc1e1ff13996ec2011bf8f9a 1026476 graphics optional
tesseract-ocr_2.04-2+squeeze1_amd64.deb
a910b1bd4ff4876535f957a56621988e 2430238 graphics optional
tesseract-ocr-dev_2.04-2+squeeze1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAEBAgAGBQJOLJkoAAoJEFOUR53TUkxRBu0P/izLvwxe2g3sKrJnUsp+5OiW
ZF5r9GR42CZxLqRKk8qOqBHMV015EuT1OltlqXt7YnPLQTNIIOyTrwxLjkiTDluN
qFPVNkpWyszId3ikdLvYtEgSo6QqXHIXvBGhGiYfX0/DVLkl1/9MVWBNYZ4rSp0W
31RY+53n2Y9Srs6Zvz4cse0kIP6QU9C02nWVih2Au+RLllwjyAR1UbWYthwNT0Qp
gsfz0SRxnfwYDtHDeU3t50pS2M5zqUpwCt5Su6DYsXDuKFXtB8pQ7761zfHrR6/K
dxwQrnJB2pBh/a4EVla03R2n/vpquXZ4fi9diB2jkx90UIk9yMbZ9Csm1AHeUh8t
FZbPvmVKBh7ELbaNDRydn9TOQvsAd9Iid0Md5vb8osqHvcRbKsaKK305tO4UY2AB
kqqiLFV+zZauC7JBM5frA+qlPf9kYZLrx1VxQ7XPgnM+2f4dnVcIGaUxyAn7Wz/0
FNDZ942LvYIrUExQI9tX4EmsP00TotdYoQbBmp8AOIbarp9KE9OvuLnamvdWyaKy
3FZ4nzlvpqubCauBZTw6tXLZP4j5sFHhzt60Nci37ct446xfKqfRgrT4QOnqetXT
8WTQY5Ly/0FQAqXL3pF5Cn98/oPKVBV0Mqx9StEhH3KCA6iURm8KtRN0AjIkwqD7
Y0Qna9h8VlFq3+uMF8mY
=/ScC
-----END PGP SIGNATURE-----
--- End Message ---
